Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2024-5186

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data.

Published: Jun 6, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-5186
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
pribai / privategpt	0.5.0	0.5.0.x

https://huntr.com/bounties/5f421645-3546-4a67-a421-ee1bc4b6e3a3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo